ShellCodeX Intelligence Brief
CRITICAL Vulnerabilities

Squidbleed bug in Squid proxy can expose other users’ HTTP requests

Source headline: 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

Threat level: Critical
Signal strength: 80/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

A heap over-read vulnerability in the Squid web proxy can reveal another user’s cleartext HTTP request. Leaked data may include credentials or session tokens present in the request. Any attacker who can send traffic through the same Squid instance may be able to trigger disclosure. The issue is traced to an older FTP-parsing change from 1997 and remains present in Squid’s default configuration. Calif.io disclosed the bug publicly as Squidbleed in June, giving operators a clear patch and hardening target.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#information-disclosure #squid #cleartext-http #heap-over-read #squidbleed #web-proxy
Original reporting: The Hacker News, "29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests"